I have read multiple articles on Spiceworks about MFA/2-factor authentication for Office365.
I am looking to enable it for my end users.
My reasons why?
1. If they were to be phished and they were to provide their credentials to an Office365 look-alike login screen, then at least with the dual-factor piece in place nobody is getting into their account.
2. If they had overlapping username/passwords with another account (we know that never happens, right?), then if someone tries to log in to their webmail through the Office365 page they would be presented with the 2nd authentication step.
What I am struggling with is where the “app” password that comes up is helpful. Is this app password something that will need to be updated every time their domain password is changed?
We are using AD Sync.
If the app password is used to allow (Outlook access) as well as (mobile access), what is the best way to get my end users to obtain that password? I am wanting to simplify rollout.
Can 2-factor be enabled but not require there be app passwords?
Posted by carlos-holmquist, 2018-10-03
App passwords are a “fallback” type of scenario, and are intended to be used with any applications that do NOT support MFA/Modern auth. In other words, using app passwords BYPASSES MFA, so it is less secure. They are not tied in to the on-premises or O365 password in any way. Moreover, you can have multiple app passwords configured, and they never expire. It’s a crap solution that should be a thing of the past now that all Microsoft apps and some 3rd party apps support Modern auth. My advice is to disable them, if possible of course.